README
This is the README file for phpcksec v0.2.0 by Stefan Ott Get the latest version at http://tools.desire.ch/phpcksec/ =============================================================================== PURPOSE ======= This script helps you test your webserver's security, especially the open_basedir and safe_mode restrictions. It does so by giving you a file-browser interface which allows you to read ANY file on the server you have access to. CONFIGURATION ============= The configuration is rather easy: $config['modes'] contains the available ways to gather the information as 'name' => 'format', while format is either '_default' for php internal commands or some custom name. If you define a custom mode, have a look at the 'unix tools' example - it's quota easy. Set the type to 'system' (no other types currently exist), and define a command to get a directory index as well as one to show a file. The 'unix tools' example should give reasonable default values for Linux and UNIX systems - users of other, inferior operating systems might want to change them. INSTALLATION ============ Put phpcksec.php somewhere in your webroot - done. WARNING ======= Do *NOT* leave this script in your document root after the test - somebody might find it and will, regardless of how good your configuration is, be able to at least view config files for tools running on the same virtual host, like like database passwords. REQUIRES ======== * PHP (tested with version 4.1.2 and 4.3.8) * Some webserver (tested with Apache 1.3) CONTACT ======= If you find any bugs or have any idea of how to improve this tool, you can find my contact details at http://www.desire.ch/